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DETAILED ACTION 

1. Claims 1-37 have been examined. 

Information Disclosure Statement 

2. There are no copies provided for references AN and AO listed in the 
information disclosure statement filed 11/16/05. 

Claim Objections 

3. Claims 1 and 13 are objected to because of the following informalities: 
"a start nodes" (Claim 1, lines 8-9) should be changed to "a start node"; and 
"a new key session" (claim 13, line 10) should be changed to "a new session 
key". Appropriate correction is required. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to 
enable any person skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 

5. Claims 1-32 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the enablement requirement. The claim(s) contains 
subject matter which was not described in the specification in such a way as 
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to enable one skilled in the art to which it pertains, or with which it is most 
nearly connected, to make and/or use the invention. Regarding claim 1, it 
recites the limitation "sending a start message on said specific multicast 
channel by using a start nodes, wherein the start node starts an operation or 
an application; receiving at a receiving node the start message; and 
validating an authenticity of the start message upon receipt of the start 
message at the receiving node" in lines 8-12. The specification discloses 
that the start node Rl generates a digital signature DS1 for the start 
message by encrypting the source address and a random value using the 
private key of Rl, i.e., DSl = Enc (Source Address, Random Value, Private 
Key of Router 1) (paragraphs 0040-0045). The specification then discloses 
that the receiving node R2 receives the start message together with 
signature DS1 and validates the authenticity of the start message by: 
generating a digital signature DS2 by encrypting the source address and the 
random value retrieved from the start message using the public key of Rl, 
i.e., DS2=Enc (Source Address, Random Value, Public Key of Router 1); 
comparing DS1 and DS2, and determining that the start message is 
authentic if DS1 = DS2 (paragraphs 0046-0048). However, it is well known 
in cryptography art that the values of the public key and the private key of a 
public/private key pair are not supposed to be the same. As a result, the 
signatures DS1 and DS2 disclosed in the specification would never be the 
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same when the private key and the public key used in the process are valid 
keys and that the start message is authentic. Thus, the disclosure fails to 
enable one skilled in the art to make and use. the claimed invention. Claim 
17 is rejected on the same basis as claim 1. Claims that are not specifically 
addressed are rejected by virtue of their dependency. 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

7. Claims 32 and 36 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and 
distinctly claim the subject matter which applicant regards as the invention. 

■ Claim 32 recites the limitation "the Designated Router" in line 3. 
There is insufficient antecedent basis for this limitation in the claim. 
For examination purposes, the limitation is interpreted as w a 
Designated Router". 

■ Claim 36 recites the limitation "a routing comprising a Designated 
Router" in line 2. It is not clear what the limitation means. For 
examination purposes, the limitation is interpreted as "a Designated 
Router". 
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8. Claims 1-2, 5-18, 21-34 and 36-37 are rejected under 35 U.S.C. 112, 
second paragraph, as being incomplete for omitting essential steps, such 
omission amounting to a gap between the steps. See MPEP § 2172.01. 
Regarding claim 1, the omitted step is: signing or encrypting by the start 
node the start message using a private key of the start node before sending 
the start message. Without the start node singing or encrypting the 
message using its private key, the receiving node cannot validate the 
authenticity of the start message and, therefore, cannot determine that the 
start node is valid (Specification, paragraphs 0040-0048). Claims 17 and 33 
are rejected on the same basis as claim 1. Claims that are not specifically 
addressed are rejected by virtue of their dependency. 

Claim Rejections - 35 USC §102 

9. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in 
this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country 
or in public use or on sale in this country, more than one year prior to the date of application 
for patent in the United States. 

10. Claims 1-3, 5-6, 17-19, 21-22, 33-35 and 37 are rejected under 35 
U.S.C. 102(b) as being anticipated by Moy ("RFC 2328 - OSPF Version 2"). 
Moy discloses a method performed in a communication system including a 
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plurality of nodes, i.e., routers implemented in OSPF routing protocol, 
communicating in a shared network segment and at least one multicast 
channel in said shared network segment (Section 1, Introduction), the 
method comprising: sending multicast messages from nodes on at least one 
multicast channel to other nodes (Section 4.3, Routing protocol packets; 
Section 4.4, Basic Implementation Requirements); providing a further 
specific multicast channel for sending start messages by the nodes to said 
other node; sending a start message, i.e., a hello message, together with a 
signature of the start message on said specific multicast channel by using a 
start node, wherein the signature is generated by the start node using a key, 
and wherein the start node starts an operation or an application (Section 
7.1, The Hello Protocol; Section 9.3, The Interface State Machine; Section 
A.3.2, The Hello Packet; Section D.3, Cryptographic Authentication); 
receiving at a receiving node the start message; and validating an 
authenticity of the start message using the signature upon receipt of the 
start message at the receiving node (Section D.5.3, Verifying Cryptographic 
Authentication; Security Consideration at the end of the paper). 

11. Claims 1-6, 17-22, 33-35 and 37 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Murphy et al. ("Digital Signature Protection of the 
OSPF Routing Protocol") as evidenced by Moy ("RFC 2328 - OSPF Version 



Application/Control Number: 10/648,770 Page 7 

Art Unit: 2132 

2"). Murphy discloses protection of routing information exchanged between 
routers in OSPF routing protocol using digital signature (Abstract). 
Specifically, Murphy discloses that when a sending router sends routing 
information message to a receiving router, the sending router signs the 
message using its private key so that the receiving router can verify the 
signature using the public key of the sending router to determine the 
authenticity of the message (Section 4, Using digital signature in OSPF). 
Murphy does not explicitly disclose multicasting different kinds of messages 
including a hello message; however, Moy discloses that this feature is 
inherent to the OSPF routing protocol (Section 1, Introduction; Section 4.3, 
Routing protocol packets; Section 7.1, The Hello Protocol; Section 9.3, The 
Interface State Machine; Section A. 3. 2, The Hello Packet). 

12. Claims 1-8, 10-12, 17-24, 26-28 and 33-37 are rejected under 35 
U.S.C. 102(b) as being anticipated by Nguyen et al. (2002/0016926) as 
evidence by Moy ("RFC 2328 - OSPF Version 2"). 

Regarding claims 1-6, 17-22, 33-35 and 37, Nguyen discloses a 
method and system for securely exchanging routing information among 
routers, i.e., secure gateway devices (SGDs), in OSPF routing protocol using 
encryption (Abstract; paragraphs 0088, 0101). Specifically, Nguyen 
discloses that when a sending router sends routing information message to a 
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receiving router, the sending router encrypts the message using an 
encryption key (paragraphs 0102, 0104-0105). Murphy does not explicitly 
disclose multicasting different kinds of messages including a hello message; 
however, Moy discloses that this feature is inherent to the OSPF routing 
protocol (Section 1, Introduction; Section 4.3, Routing protocol packets; 
Section 7.1, The Hello Protocol; Section 9.3, The Interface State Machine; 
Section A.3.2, The Hello Packet). 

Regarding claims 7-8, 10, 23-24, 26 and 36, Nguyen does not 
explicitly disclose sending the multicast messages from the nodes 
comprising routers including a Designated Router and other routers; 
deciding that the Designated Router comprises an only available node in a 
shared segment if the Designated Router does not receive a response or the 
start message from the other nodes when only the Designated Router 
comprises an active node in a shared network segment; however, Moy 
discloses that this feature is inherent to the OSPF routing protocol (Section 
1.2, Definitions of Commonly Used Terms; Section 4.3, Routing protocol 
packets; Section 7.1, The Hello Protocol; Section 7.3, The Designated 
Router). Nguyen further discloses generating a session key for encrypting 
multicast routing information, e.g., routing updates, using ISAKMP 
(paragraphs 104-105, 110-111). 
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Regarding claims 11-12 and 27-28, Nguyen further discloses engaging 
in Internet Key Exchange (IKE) protocol between routers involved in a 
communication session to generate security associations (paragraphs 0024- 
0025, 0105, 0119). Nguyen also discloses secure multicast communication 
among routers (paragraphs 0110-0111). Inherently, security associations 
used for unicast communication are different from those used for multicast 
communication. 

Claim Rejections - 35 USC §103 

13, The following is a quotation of 35 U.S.C. 103(a) which forms the basis 
for all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains, Patentability shall not be 
negatived by the manner in which the invention was made. 

14. Claims 13-15 and 29-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Nguyen as evidence by Moy as applied to claims 1 and 17 
above, and further in view of Srivastava et al. (7,103,185). Nguyen 
discloses using security associations for unicast/multicast communication 
between routers (paragraphs 0104-0105, 0110). Nguyen does not explicitly 
disclose a Designated Router and a Backup Designated Router connected 
(i.e., adjacent) to each other and to other routers in the network; however, 
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Moy discloses that this feature is inherent to the OSPF routing protocol 
(Section 7.3, The Designated Router; Section 7.4, The Backup Designated 
Router). Nguyen does not disclose changing the session key for a multicast 
group when a new member joins the multicast group or when a member 
leaves the multicast group. Srivastava discloses a method for management 
of session keys in a multicast group comprising generating a new session 
key for a multicast group by a designated member when a new member 
joins the multicast group or when a member leaves the multicast group (col. 
2, lines 58-67; figures 4B-C; col. 11, line 50 - col. 12, line 45). Srivastava 
also discloses generating a new session key for a multicast group when a 
member leaves the multicast group (col. 2, lines 58-67). It would have 
been obvious to one of ordinary in the art at the time the invention was 
made to modify the Nguyen method to change the session key for a 
multicast group when a new member joins the multicast group or when a 
member leaves the multicast group, as taught by Srivastava. The 
motivation for doing so would have been to prevent the new member from 
decrypting past messages and the member who leaves from deciphering 
future messages of the multicast group. 

15. Claims 9 and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Nguyen as evidence by Moy as applied to claims 7 and 23 
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above, and further in view of Kaliski, Jr. (6,085,320). Nguyen, discloses 
using ISAKMP (Internet Security Association and Key Management Protocol) 
(paragraph 0105). Inherent to ISAKMP, each party in a two-party 
communication session generates a session key using a random number, its 
own private key and the other party's public key (according to Diffie-Hellman 
algorithm); however, a timestamp is not used to generate the session key in 
ISAKMP. Kaliski discloses using a timestamp (i.e., a time-varying value) in 
generating a session key (col. 5, lines 34-38). It would have been obvious 
to one of ordinary in the art at the time the invention was made to modify 
the Nguyen method to use a timestamp in generating the session key, as 
taught by Kaliski, in order to prevent replay attack. 

Allowable Subject Matter 

16. Claims 16 and 32 are not rejected over prior art. 

17. The following is a statement of reasons for the indication of allowable 
subject matter. Regarding claims 16 and 32, the limitations "generating 
using a Designated Router a new group key for all nodes when new Open 
Shortest Path First nodes join a network; first distributing the new group key 
to a Backup Designated Router using the Designated Router; next using the 
Designated Router and the Backup Designated Router to distribute the new 
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key to all other nodes using respective unicast security association 
messages", in combination with elements of the parent claims, have not 
been taught by prior art. The closest prior art, Harney et al. ("RFC 2094 - 
Group Key Management Protocol (GKMP) Architecture"), discloses that the 
designated group controller of a group either distributes a group key to each 
group member or broadcast the key to the group (Section 2.2.1); however, 
Harney does not disclose using help from a backup group controller in 
distributing the group key to each node. 

Conclusion 

18. The prior art made of record and not relied upon is considered 

pertinent to applicant's disclosure. 

U.S. Patent No. 6,751,729 to Giniger et al. 

Antoine et al., "Router Security Configuration Guide" 

Harney et al., "RFC 2094 - Group Key Management Protocol (GKMP) 

Architecture" 

Maughan et al., "RFC 2408 - Internet Security Association and Key 
Management Protocol (ISAKMP)" 

Papadimitratos et al., "Securing the Internet Routing Infrastructure" 
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Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Minh Dinh whose telephone number 
is 571-272-3802. The examiner can normally be reached on Mon-Fri: 
10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on 571-272-3799. 
The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained 
from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 
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